Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 428 | Bypassing Akamai’s Web Application Firewall Using an Injected Content-Encoding Header | WAF bypass, CRLF injection, XSS | Akamai | Adam Crosser | Bug Bounty | 2023-02-21 | 2023-06-13 |
| 427 | Escaping misconfigured VSCode extensions | Path traversal, DNS rebinding, XSS, HTML injection, Webview, CSP bypass | Microsoft (SARIF viewer & Live Preview) | Vasco Franco | Bug Bounty | 2023-02-21 | 2023-06-13 |
| 426 | Reflected Cross site scripting on reddit website (bounty awards $5000) | Reflected XSS | Reddit | ShuttlerTech | Bug Bounty | 2023-02-21 | 2023-06-13 |
| 405 | How I found DOM-Based XSS on Microsoft MSRC and How they fixed it | DOM XSS | Microsoft | Supakiad S. (@Supakiad_Mee) | Bug Bounty | 2023-02-23 | 2023-06-13 |
| 402 | Blind XSS fired on Admin panel worth $2000 | Blind XSS | NA | Feri Susanto (@feribytex) | Bug Bounty | 2023-02-24 | 2023-06-13 |
| 400 | Microsoft Azure Account Takeover via DOM-based XSS in Cosmos DB Explorer | Account takeover, DOM XSS | Microsoft (Azure) | Ngo Wei Lin (@Creastery) | Bug Bounty | 2023-02-24 | 2023-06-13 |
| 392 | How I got a $2000 bounty with RXSS | Reflected XSS | NA | Hashir Sami Khan (@P4n7h3Rx) | Bug Bounty | 2023-02-26 | 2023-06-13 |
| 387 | Interesting Stored XSS in sandboxed environment to Full Account Takeover | Stored XSS, Account takeover | NA | Anurag__Verma | Bug Bounty | 2023-02-27 | 2023-06-13 |
| 373 | Exfiltrating AWS Credentials via PDF Rendering of Unsanitized Input | SSRF, HTML injection, XSS | NA | Cristi Vlad (@CristiVlad25) | Bug Bounty | 2023-03-01 | 2023-06-13 |
| 372 | Abusing Hop-by-Hop Header to Chain A CRLF Injection Vulnerability | CRLF injection, Hop-by-hop header, XSS | NA | Simon Bräuer (@redshark1802) | Bug Bounty | 2023-03-01 | 2023-06-13 |
| 363 | The Story of My First Reflected XSS | Reflected XSS | NA | Ahmed Kamal Abu_Elwafa (@AhmedKa01184061) | Bug Bounty | 2023-03-03 | 2023-06-13 |
| 357 | GitHub Security Lab audited DataHub: Here’s what they found | SSRF, Insecure deserialization, Cypher injection, Authentication bypass, Authorization bypass, XSS, Open redirect, JWT, JSON injection, Cryptographic issues, Session expiration issue, Security code review | DataHub | Alvaro Muñoz (@pwntester) | Bug Bounty | 2023-03-03 | 2023-06-13 |
| 330 | CorePlague: Severe Vulnerabilities in Jenkins Server Lead to RCE | RCE, XSS, Security code review | Jenkins | Ilay Goldman (@GoldmanIlay) | Bug Bounty | 2023-03-08 | 2023-06-13 |
| 329 | Self XSS To Stored Through IDOR/ | IDOR, Self-XSS, Stored XSS | NA | Arben Shala (@arbennsh) | Bug Bounty | 2023-03-08 | 2023-06-13 |
| 322 | Rxss inside href attribute - Bypassing lots of weird checks to takeover accounts! | Reflected XSS, WAF bypass | NA | Ashutosh Dutta (@maniacmarvel_) | Bug Bounty | 2023-03-10 | 2023-06-13 |
| 317 | Account Takeover: An Epic Bug Bounty Story | Account takeover, Self-XSS, Pre-account takeover | NA | Jaydev Ahire | Bug Bounty | 2023-03-11 | 2023-06-13 |
| 316 | [Netflix][Smart TV] — Chaining Self-XSS with Session poisoning. | Self-XSS, Cookie injection, Session management issue | Netflix | Lyubomir Tsirkov (@lyubo_tsirkov) | Bug Bounty | 2023-03-11 | 2023-06-13 |
| 315 | CCAI | XSS | Google | NDevTK (@ndevtk) | Bug Bounty | 2023-03-11 | 2023-06-13 |
| 295 | Bypassing Character Limit - XSS Using Spanned Payload | XSS, Account takeover | NA | SMHTahsin33 (@SMHTahsin33) | Bug Bounty | 2023-03-15 | 2023-06-13 |
| 289 | Anatomy of a Reflected XSS: My Discovery on a Microsoft’s Subdomain | Reflected XSS | Microsoft | Sawrav Chowdhury | Bug Bounty | 2023-03-17 | 2023-06-13 |
| 266 | CVE-2023–1410 : Stored XSS in the Graphite Function Description tooltip | Stored XSS | Grafana Labs | Aswin K V (@deep_marketer_) | Bug Bounty | 2023-03-25 | 2023-06-13 |
| 264 | My Journey to Nokia Hall of Fame in just 10 minutes | DOM XSS, Open redirect | Nokia | Rajdip | Bug Bounty | 2023-03-27 | 2023-06-13 |
| 255 | BingBang: The AAD misconfiguration that led to Bing.com results manipulation and account takeover explained | Account takeover, Azure AD, Cloud, XSS, Privilege escalation | Microsoft (Bing) | Hillai Ben-Sasson (@hillai) | Bug Bounty | 2023-03-29 | 2023-06-13 |
| 254 | It’s a (SNMP) Trap: Gaining Code Execution on LibreNMS | RCE, Stored XSS, Security code review | LibreNMS | Stefan Schiller (@scryh_) | Bug Bounty | 2023-03-29 | 2023-06-13 |
| 248 | Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle (CVE-2023-23383) | RCE, XSS, Cloud | Microsoft (Azure) | Lidor Ben Shitrit | Bug Bounty | 2023-03-30 | 2023-06-13 |